eScan retains its Gold Partnership with Microsoft

November 22, 2017

MUMBAI, India November 21, 2017 – eScan Enterprise Security Solution has once again retained the Microsoft Gold Partnership. eScan has earned the “Gold Certificate” in Microsoft’s Partner Program in recognition of its expertise, strategic role and contribution to the security industry.


eScan has successfully completed Microsoft’s stringent process to earn the Microsoft Gold Certificate, the highest level of Microsoft partnership. To qualify for the certification, every participant must earn a certain number of partner points throughout the year. eScan has been receiving this prestigious certificate consecutively for over a decade now.

As a certified Gold partner, eScan will have access to the Partner Knowledge Base and receive priority listing in Microsoft directories. The Microsoft Partner Network enables eScan to strengthen its capabilities and showcase leadership in the marketplace on the latest technologies. It is also testimony to eScan’s ability to serve customers with trust and commitment.

Mr Govind Rammurthy, CEO & MD, eScan, said, “This Microsoft Gold Partnership certificate showcases our expertise and commitment to today’s technology market and demonstrates our deep knowledge of MS technologies and their products. It establishes our drive towards developing world-class products at par with our global peers and provides security to the vast MS platform user base.”

# # # 

About eScan

eScan is an ISO 27001 certified pure-play enterprise security solution company with over two decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts a robust channel partner network of more than 50,000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.

It is powered by some of the latest and most innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated anti-virus heuristic algorithms that not only provide protection from current threats but also provide proactive protection against ever-evolving cyber threats. eScan provides a free 24×7 remote support facility that gives its users real-time solutions for security-related issues.

For more information, visit www.escanav.com


VB 100 Test Establishes eScan’s Global Standards

November 16, 2017

MUMBAI, India November 16, 2017 – eScan has yet again achieved Virus Bulletin’s VB100 comparative review test certificate for its eScan Internet Security Suite. The test, in October 2017, was conducted on Windows 7 and 10 Professional. eScan Internet Security Suite (ISS) proved its capability of providing advanced protection against malware listed by the WildList Organization, with a RAP score of 100%.


Various kinds of cyber-security incidents have affected many large and small IT infrastructures since the start of the year, with an outbreak of ransomware attacks. 2017 has become the year of IT security, with a spurt in the growth of the digital drive, smart city and IoT products. eScan’s ISS has been awarded the VB100 certificate for being a strong anti-malware solution. It meets the quality standards for endpoint security products and provides zero-day protection to endpoints from objectionable content and security threats such as viruses, spyware, adware, key-loggers, rootkits, botnets, hackers, spam, and phishing.

Mr Govind Rammurthy, MD and CEO, eScan, said, “The recent rise in the complexity of cyber-attacks has made it critical to focus on endpoint security. Mainly focused on realistic test scenarios and real-world threats, eScan Internet Security Suite effectively safeguards endpoints/PCs by evading all evolving IT security threats, with minimal system impact as well as absolutely zero false warnings, false positives and false blockages. The test establishes our global standards of development and research towards a secure world for our valuable users.”

eScan Internet Security Suite with Cloud Security for Home and Small Office Edition is a specially designed security product that provides real-time protection for computers and laptops from growing cyber threats such as viruses, spyware, adware, keyloggers, rootkits, botnets, hackers, spam and phishing. eScan ISS protects a user’s personal information and ensures a safe computing environment for the whole family when browsing the internet, shopping online, performing online transactions or social networking. The product can be experienced at:

http://www.escanav.com/en/windows-antivirus/internet-security-suite.asp

# # #



Phishing: Targeting the Two-factor Authentication of Malaysian Banks

November 15, 2017

In the past few days we have been observing phishing spam targeting a host of Malaysian banks under the garb of tax refunds. It is not new for scammers to host a single phishing site that offers a variety of bank choices to their intended victims.

The scammers compromised the email system of a well-known health organization in the US: using an open proxy server, they accessed OWA (Outlook Web Access), logged on with the stolen credentials and sent out the spam mails from there.


The attached document shows the following message: [screenshot not reproduced]

The scammers are using a URL shortener so as not to raise any suspicion.

The phishing page has been designed to target as many Malaysian Online Banking users as possible.


All of us are aware that clicking on the individual bank links would show the individual phishing login pages; however, this time around the scammers have gone one step further and have been actively targeting the Two-factor Authentication Code (TAC). The entire phishing attack is carried out in real time: the victims provide their login credentials to the phishing site, and the attackers log on to the actual banking site with them.

Lately banks have been relying on two-factor authentication, and so have the scammers. The phishing site presents its victims with the TAC page, waits for the actual bank to send the TAC to the victims, and the victims in turn hand the TAC to the phishing site. This is one of the few phishing campaigns that demonstrates a Man-in-the-Middle attack on the second factor.

Indian banks too have been implementing two-factor authentication for validating online banking customers, and in the coming few months we may see criminals using the same tactics to target Indian online banking customers.

eScan’s Smart Filter, a heuristic filter, detects these phishing attempts with ease, and we have demonstrated its capabilities in the past too. Moreover, eScan’s Web Filter also detects these phishing pages and protects users.

Advisory

  • Check the URL.
  • Ensure that the banking login page is HTTPS enabled and that it belongs to the said bank.
  • Using a powerful Internet security suite, like eScan, on your computer systems and mobile devices would significantly reduce the chances of you falling victim to such phishing attacks.
  • Identify phishing emails: such mails are filled with countless grammatical errors and are often written in awkward English.
  • Never respond to emails or messages from unknown senders that have “undisclosed recipients” in the address line.
  • Do not click on the link mentioned in the mail; if required, type it in another browser tab to see what it contains.
  • If you do happen to click such a link and see a request for your banking credentials or other details for any kind of verification or updating purpose, do not enter your personal or financial information.
  • Be careful and avoid providing information related to your credit card, bank account numbers or passwords to any unknown site or a fake site. Most Internet e-mails are NOT secure.
  • Never get carried away by genuine-looking websites that contain identical-looking logos, pictures and banners.

Bad Rabbit: Another Ransomware Getting on the List

October 25, 2017

In the recent past, numerous ransomware families have targeted Europe and, using various methods, jumped laterally across networks and propagated to other countries, effectively breaching all geo-political boundaries.

A new ransomware dubbed Bad Rabbit has been rapidly targeting systems across Europe, following in the footsteps of WannaCry and NotPetya. However, unlike WannaCry, Bad Rabbit does not use EternalBlue for spreading laterally; it uses Mimikatz to extract credentials from memory and tries to access systems within the same network via SMB and WebDAV.

After encrypting a file, it appends the string “encrypted” to the end of the file rather than changing the extension, whereas changing the file extension is the prevalent behaviour for most ransomware.

The primary mode of delivery is a fake Flash Player installer. Upon execution by the user, it starts encrypting files, then modifies the Master Boot Record, reboots the system and displays the ransom note.

eScan actively detects and mitigates this threat. Users should always ensure that they update their computer systems with the patches made available by software vendors, and should always exercise caution whenever a website offers an executable for download.

Bad Rabbit – Indicators of Compromise (IOC)

Hashes:

File Name: install_flash_player.exe
Hash: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
Detection: Trojan.GenericKD.6139887

File Name: dispci.exe
Hash: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93
Detection: Trojan.GenericKD.6139894

Files:

C:\Windows\infpub.dat

C:\Windows\System32\Tasks\drogon

C:\Windows\System32\Tasks\rhaegal

C:\Windows\cscc.dat

C:\Windows\dispci.exe

Registry entries:

HKLM\SYSTEM\CurrentControlSet\services\cscc
HKLM\SYSTEM\CurrentControlSet\services\cscc\Type  1
HKLM\SYSTEM\CurrentControlSet\services\cscc\Start  0
HKLM\SYSTEM\CurrentControlSet\services\cscc\ErrorControl  3
HKLM\SYSTEM\CurrentControlSet\services\cscc\ImagePath  cscc.dat
HKLM\SYSTEM\CurrentControlSet\services\cscc\DisplayName  Windows Client Side Caching DDriver
HKLM\SYSTEM\CurrentControlSet\services\cscc\Group  Filter
HKLM\SYSTEM\CurrentControlSet\services\cscc\DependOnService  FltMgr
HKLM\SYSTEM\CurrentControlSet\services\cscc\WOW64  1
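As an added example (not eScan’s code), the indicators above can be matched against a host inventory in Python: the two SHA-256 hashes, the artifact paths, the cscc service values and the trailing “encrypted” marker described earlier are checked against fingerprinted files and service registry values. The function names (`fingerprint`, `collect`, `match_host`) are chosen here, and the inventory used in the demo is constructed.

```python
import hashlib
import os
from typing import Dict, List

# Indicators copied from the IOC list above (SHA-256 hex, artifact paths, cscc values).
KNOWN_HASHES = {
    "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da": "install_flash_player.exe",
    "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93": "dispci.exe",
}
KNOWN_PATHS = {p.lower() for p in (
    r"C:\Windows\infpub.dat", r"C:\Windows\cscc.dat", r"C:\Windows\dispci.exe",
    r"C:\Windows\System32\Tasks\drogon", r"C:\Windows\System32\Tasks\rhaegal")}
# Values listed under HKLM\SYSTEM\CurrentControlSet\services\cscc.
CSCC_VALUES = {"Type": 1, "Start": 0, "ErrorControl": 3, "ImagePath": "cscc.dat",
               "DisplayName": "Windows Client Side Caching DDriver", "Group": "Filter",
               "DependOnService": "FltMgr", "WOW64": 1}
MARKER = b"encrypted"  # appended to the end of encrypted files instead of a new extension

def fingerprint(data: bytes) -> dict:
    """Per-file facts the matcher needs: SHA-256 and whether the marker trails the content."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "marker": data.endswith(MARKER)}

def collect(root: str) -> Dict[str, dict]:
    """Walk a directory tree (e.g. a mounted disk image) and fingerprint every regular file."""
    inventory = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                inventory[path] = fingerprint(fh.read())
    return inventory

def match_host(inventory: Dict[str, dict], services: Dict[str, dict]) -> List[str]:
    """inventory: path -> fingerprint(); services: service name -> its registry values.
    Returns one line per matched indicator; an empty list means nothing matched."""
    hits = []
    for path, fp in inventory.items():
        if path.lower() in KNOWN_PATHS:
            hits.append(f"artifact path: {path}")
        if fp["sha256"] in KNOWN_HASHES:
            hits.append(f"hash of {KNOWN_HASHES[fp['sha256']]}: {path}")
        if fp["marker"]:
            hits.append(f"trailing '{MARKER.decode()}' marker: {path}")
    cscc = services.get("cscc")
    if cscc is not None:
        same = sorted(k for k, v in CSCC_VALUES.items() if cscc.get(k) == v)
        if same:
            hits.append("cscc service values: " + ", ".join(same))
    return hits

if __name__ == "__main__":
    # Constructed inventory: one known artifact path and one document carrying the marker.
    demo = {r"C:\Windows\infpub.dat": fingerprint(b"\x00"),
            r"C:\Users\demo\report.doc": fingerprint(b"\xd0\xcf...encrypted")}
    for hit in match_host(demo, {"cscc": {"ImagePath": "cscc.dat", "Start": 0}}):
        print(hit)
```

On a live Windows host the same inventory would be built from a file walk and the values read from the cscc service key; on a clean host `match_host` returns an empty list.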

Ransom Note:

Oops! Your files have been encrypted.

If you see this text, your files are no longer accessible.

You might have been looking for a way to recover your files.

Don’t waste your time. No one will be able to recover them without our decryption service.

We guarantee that you can recover all your files safely. All you need to do is submit the payment and get the decryption password.

Visit our web service at caforssztxqzf2nm.onion

Your personal installation key#1:

Network Activity:

Local & Remote SMB Traffic on ports 137, 139, 445

caforssztxqzf2nm.onion

File extensions targeted for encryption:

.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip

Embedded RSA-2048 Key:


Prevention Measures:

  • Administrators should block all executable files from being transmitted via email.
  • Administrators should isolate the affected system in the network.
  • Administrators can restore the encrypted files from backup or from a system restore point (if enabled) for affected systems.
  • Install and configure eScan with all security modules active:
      • eScan Real Time Monitoring
      • eScan Proactive Protection
      • eScan Firewall IDS/IPS Intrusion Prevention
  • Users shouldn’t enable macros in documents.
  • Organizations should deploy and maintain a backup solution.
  • Most important, organizations should implement MailScan at the gateway level for mail servers, to contain the spread of suspicious attachments.


Rogue Wi-Fi Hotspots

October 17, 2017

India offers two types of free Wi-Fi access: metered access, which requires users to register, and hotspots which do not have any password at all.

Some of these are Government initiatives, like “Aaple_Sarkar_Mum-WI-FI” in Mumbai, while Google, in conjunction with Indian Railways, is offering free Wi-Fi services at railway stations across India. Furthermore, coffee shops, bookstores and hotels have also been providing free Wi-Fi access.

The common factors are:

  1. These services require registration and authentication.
  2. They are located at public places.

Providing free Wi-Fi has been the best move by the Government for this social-networking-crazed generation, which has been using it for accessing Facebook, Instagram, WhatsApp etc. However, it shouldn’t take long for cyber criminals to realize the huge potential of gaining access to the network traffic by setting up rogue Wi-Fi hotspots.

Rogue Wi-Fi hotspots could be turned into surveillance systems and could also be used to inject malicious content or advertisements into the network traffic. It is not just researchers who have demonstrated this; organizations too have injected traffic into networks in the past, and nothing would stop criminals from using the same technology to monetize this craze for free Wi-Fi.

Privacy concerns are raised by an elite few, while most others turn a blind eye as long as they don’t have to pay a dime for Internet access. The 4G boom, with free offerings from all the telcos, proved this aptly and ultimately resulted in market consolidation with respect to data pricing.

In these trying times, when every bit of data can help build up your personal profile, it would pay in the long run for everyone to exercise caution while accessing the Internet. Moreover, caution is not limited to accessing the Internet: apps and their system-level permissions also play an important role in securing your privacy.

Rogue Wi-Fi hotspots are very difficult to detect, since they leak very little information, and it is quite possible that criminals will replicate a legitimate SSID in order to lure unsuspecting victims into their trap. It is also quite probable that a rogue Wi-Fi hotspot wouldn’t ask for registration or authentication, which should alert users that something is amiss.

How to use free Wi-Fi:

  1. Use a VPN on your devices / laptops.
  2. Keep a separate cell number for accessing Wi-Fi, as most hotspots rely on an OTP sent by SMS to the registered number. It should be different from the one used for banking transactions.
  3. Verify the app permissions before installing apps on your device.
  4. Never conduct banking transactions through free Wi-Fi; one never knows who is sniffing the traffic.
  5. Always keep your phone antivirus updated to ensure maximum efficiency.
  6. When in doubt about a particular SSID, ask the owner of the shop who is providing the service, and you may always choose to disconnect immediately.
